If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Tor/I2P/Freenet/GNUnet differences and opinions?

I've been reviewing multiple areas of internet encryption and anonmynity and have come across four sources (that I trust) that provide a level of both encryption and anonymous communication for internet usage. However I would love the input and experience of other AO members for the final descision on which one I will be using for personal usage.

Tor: Onion-based routing that acts as a proxy layer between the client computer and the Tor network (middlemen encrypted datatransfers, if I understand it correctly). Allows you to proxy just about anything through the Tor network to create a long string of connection points, encryption, and similar. However I am worried about DNS leaking out information and similar. How can I prevent that? How could I also prevent a man in the middle attack by someone just analyzing incoming data to eventually break the encryption key? Or is the key changed every so often?

I2P aka Invisible Internet Project: Similar to Tor but adds a second layer over TCP/IP for encryption when using other resources on the I2P network. Another middleman layout for anonymous connection but I am unsure about how well it can interact with the non-I2P networks (such as the primary internet). Again, not sure of it's security for middleman attacks.

FreeNet: Seems like a P2P transfer program rather than an alternative to current inecure TCP/Ip communications for multiple aspects of programs.

GNUnet:Seems like a P2P transfer program rather than an alternative to current insecure TCP/IP communications for multiple aspects of programs.

Any corrections? Any recommendations? Any experiences you would like to share? And please, don't link me to the websites. I've already reviewed them all and am looking moreso for clarification and first-hand experience.

\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"- Charles Darwin

Depending on what you are trying to do, I would be very suspect of a system that attempts to annonymize your connection through so many "hops" and the final link is un-encrypted. Yes, you could be subject to man-in-the-middle attacks at any point in the chain.

Any time you have to decrypt-encrypt at a hop, you open your communication to hack or to possible source discovery. Not to mention known text attacks, known cypher attacks, you name it.

Originally posted here by rapier57
[B]Depending on what you are trying to do, I would be very suspect of a system that attempts to annonymize your connection through so many "hops" and the final link is un-encrypted. Yes, you could be subject to man-in-the-middle attacks at any point in the chain.

Well, since Tor is created and sponcered in part by EFF, I highly doubt it's something as simple as that. This might help clarification, especially on the end-user:

That seems to offer a good deal of prevention against quick-cypher attacks and assist in the prevention of man-in-the-middle, but I simply don't have documentation to prove it. Thanks for your thoughts but I'm looking for people who have used Tor first hand and have run tests on it's capability.

\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"- Charles Darwin

I have played with tor coupled with privoxy for some time. As a set of software that will protect the average user from, the normal, security/privacy issues, that suround, "net usage", they are exelent.

However, they will not give a good level of protection, should you wish to avoid government, security agency, interest?

Edit:

To add.

Tor is based on onion routing, as stated. Where did that line of research come from??

Once you no the answere. Think about the consequenses.

What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Full white-papers. Full explainations. Full download of source code. Applied to many testing distros by default (Fedora Core) and able to be applied manually to others.

As to, "trach" ing through a tor network, the encryption is not that strong?

http://tor.eff.org/cvs/tor/doc/design-paper/tor-design.html
tor runs layered (more than one) encryption, but I am not sure how strong it's cypher strength is. And since the Tor chain changes every ten minutes, I don't know if a consumer-level product is avaliable to automate the decryption of layered encryption in under a ten minute time frame before they lose the information. Remember, in a tor network the middle men do not know the information of the origonal sender, nor the destination. They only know who it needs to go to next.

I believe. The EFF is based in the USA?? NO??

EFF is a worldwide organization but has a primary focus on the USA due to the natural levels of censorship in effect. They help fight computer crime cases (both in defence and offensive depending on the case) as well as fund/sponcer multiple projects that will allow the user to not only stay informed on political issues regarding security but also means in which they can keep that security intact (Tor).

I'm giving it a test now and am not sure how to detect what information is being leaked from my box now. Gaim and firefox are both set to use the tor proxy (located on my computer), so how would I check for dropped information or DNS leaking?

\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"- Charles Darwin

I'm giving it a test now and am not sure how to detect what information is being leaked from my box now. Gaim and firefox are both set to use the tor proxy (located on my computer), so how would I check for dropped information or DNS leaking?

Thats pretty much, not relevant. Tor will tell you when there is a possiblity of leakeage.

Remember, you connect to your ISPs network before you connect to the Internet. If you are not part of their subnet, they will not let you in.

What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Well, as far as I can understand the protocol, Tor acts as a secondary layer. You send the data, pre-encrypted, to the Tor network chain. The ISP notes that it came from you but is unable to read the encrypted data stream (well, it can, but an ISP decrypting a customers data is another story). So the general attacks wouldn't be on the ISP level since it isn't decrypted until the final destination ISP received the encrypted packet, sends it to the appropriate server, and the server.. decrypts it?

No wait, that doesn't make any sense. Is it indeed encrypted before it is send and is it encrypted by the receiving computer? Or does the first Tor node encrypt it and the last Tor network decrypt it????

\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"- Charles Darwin